Method for performing uncontrolled handover

ABSTRACT

A device, system and method for performing an uncontrolled handover in a mobile station, a ranging request message including an identifier of a serving base station and a first identifier used in the serving base station is transmitted to a first target base station to perform network (re)entry to the first target base station, and a ranging response message including security information and a second identifier for identifying the mobile station is received from the first target base station.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a 37 C.F.R. §1.53(b) continuation ofco-pending U.S. patent application Ser. No. 12/627,450 filed Nov. 30,2009, which claims priority on Korean Application No. 10-2009-0068851,filed Jul. 28, 2009, and which claims priority to U.S. ProvisionalApplication No. 61/169,287, filed on Apr. 14, 2009, the entire contentsof all which are hereby incorporated by reference and for which priorityis claimed under 35 U.S.C. §120.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a method and apparatus for performingan efficient and reliable handover, for application to a variety ofwireless access systems.

2. Discussion of the Background Art

A brief description will be made below of a conventional HandOver (HO)and ranging procedure.

HO is the process of maintaining a call in progress withoutinterruption, when a Mobile Station (MS) moves from the cell area (orcommunication zone) of its serving Base Station (BS) to that of anotherBS during the call. In other words, HO is a function of ensuring thecontinuity of an on-going call by channel or link switching.

There are three types of HO: softer HO, soft HO, and hard HO.

Softer HO is an HO that takes place within the same cell. In softer HO,an MS switches to a better channel among channels in use within cellcoverage.

Soft HO is an HO characterized by simultaneous use of two adjacentchannels and gradual termination of one of the channels in the end. InCode Division Multiple Access (CDMA), soft HO is readily implemented dueto use of the same frequency band.

Hard HO is a type of HO procedure in which an old channel isdisconnected immediately before a new channel is established.

To move from a cell area of a serving BS to a cell area of a target BSand perform a handover to the target BS, the MS may perform a rangingprocedure.

Ranging refers to a set of processes for maintaining the connectionquality (especially synchronization) of Radio Frequency (RF)communication between the MS and the BS in Institute of Electrical andElectronics Engineers (IEEE) 802.16 or Mobile Internet. In multipleaccess based on Orthogonal Frequency Division Multiple Access/TimeDivision Duplexing (OFDMA/DD), ranging does not matter for the downlinkbecause the BS transmits signals to a plurality of MSs at a singlereference timing.

On the other hand, a plurality of MSs transmit signals individually onthe uplink, resulting in different propagation delays. Therefore,ranging is carried out between the BS and an MS by a separate timingsynchronization scheme for the uplink. That is, ranging is a procedureby which a plurality of MSs correct their transmission timings.

For the purpose of uplink synchronization acquisition and power controlbetween the MS and the BS, initial ranging, periodic ranging, and HOranging are defined. Also, Bandwidth Request (BR) ranging is defined forthe MS to request a bandwidth to the BS.

Initial ranging occurs for an initial network entry and connectionprocedure, when the MS initially enters the BS, for example, when the MSis power-on or it transitions from a long sleep mode to an idle mode.Periodic ranging is performed periodically for the MS to tracksynchronization to the BS. To acquire synchronization with a target BSduring handover, the MS performs HO ranging. BR ranging is used torequest allocation of uplink resources to the BS. Only after acquiringsystem synchronization, the MS performs BR ranging.

Upon receipt of a ranging request message from the MS, the BS generatesa Connection IDentifier (CID) for the MS. Then the BS performsre-negotiations, re-authorization, and re-registration, etc. with theMS.

A CID is an address that identifies a connection mapped to a requiredservice flow between peers at a Medium Access Control (MAC) sublayer.The CID is included in a MAC Protocol Data Unit (PDU). That is, everyconnection between the BS and the MS is identified by a CID in a MACheader and the CID is mapped to a Service Flow IDentifier (SFID) thatdefines Quality of Service (QoS) parameters of the service flowassociated with the CID.

Each MS may be allocated management CIDs from the BS during the MS'saccess to the BS, namely initialization. That is, the MS may beallocated management CIDs from the BS during a series of ranging andregistration procedures. The management CIDs may be classified into aBasic CID (BCID), a Primary CID (CID), and a Secondary CID (SCID).

The BCID is used for the BS to identify the MS during an initial access.That is, the MAC address of the MS is mapped to the BCID. The PCID maybe used for an authorization message and dynamic resourceallocation-related messages. The SCID is optional and whether the SCIDwill be used may be determined during an MS capabilities negotiation.

Besides the management CIDs, there are a Transport CID (TCID) foridentifying a service of user traffic, a broadcasting CID foridentifying broadcast traffic, and a multicast CID. A TCID may beallocated to each connection established between the MS and the BS.

HandOver (HO) is a technology for enabling an MS to continue itson-going communication in a target BS by transitioning data contexts inwhich the MS was communicating with a serving BS to the target BS with aminimal interruption time, when the MS moves from the serving BS to thetarget BS. That is, HO ensures the continuity of a service that the MSis receiving.

Aside from normal handover, there are no specified procedures foruncontrolled handover. Moreover, during the uncontrolled handover, theMS should transmit its MAC address to the target BS to perform a rangingprocedure. In this case, it may be difficult to guarantee locationprivacy for the MS.

That is, it is necessary to consider procedures for guaranteeing thelocation privacy of the MS to protect the MS against malicious securitythreats during the uncontrolled handover.

To provide location privacy to the MS, a hashed MAC address and atemporary STation ID (STID) may be used for the MS. However, since thehashed MAC address and/or the temporary STID should be allocated to theMS during ranging, the ranging procedure may be unnecessarily prolonged.

SUMMARY OF THE INVENTION

An object of the present invention devised to solve the problem lies ona method and apparatus for performing an efficient and reliablehandover.

Another object of the present invention devised to solve the problemlies on a method for supporting location privacy for an MS, when the MSperforms uncontrolled handover.

A further object of the present invention devised to solve the problemlies on a method for being efficiently allocated an STID for use in atarget BS by an MS, when the MS performs an uncontrolled handover from aserving BS to the target BS.

It will be appreciated by persons skilled in the art that the objectsthat could be achieved with the present invention are not limited towhat has been particularly described hereinabove and the above and otherobjects that the present invention could achieve will be more clearlyunderstood from the following detailed description taken in conjunctionwith the accompanying drawings.

To solve the above technical problems, the present invention providesvarious methods and apparatuses for performing an efficient and reliableHO, for application to a variety of wireless access system.

In exemplary embodiments of the present invention, an uncontrolled HOmay be performed when a first target BS is not included in candidate BSsrecommended by a serving BS, or when the MS fails in an HO rangingprocedure with a target BS, that is, the target BS is unreachable by theMS.

The objects of the present invention can be achieved by providing asystem, device and method for performing an uncontrolled handover in anMS, the method including transmitting to the first target BS a rangingrequest message including an ID of a serving BS and a first ID used inthe serving BS to perform network (re)entry, and receiving a rangingresponse message including valid security information and a second IDfor identifying the MS from the first target BS.

The method may further include receiving a handover command messageincluding handover information and information about candidate BSs fromthe serving BS. The handover information may include at least one of anaction time parameter indicating a start of the network entry orreentry, a dedicated handover ranging code used in a candidate BS, and aranging opportunity used in the candidate BS.

If the MS station performs the uncontrolled handover, the method mayfurther include transmitting to the serving BS a handover indicationmessage including an event code indicating the uncontrolled handover andan ID of the first target BS being the preferred target BS of the MS.

The first identifier may be a station identifier (STID) uniquelyidentifying the mobile station in the serving base station, and thesecond identifier may be one of a station identifier uniquelyidentifying the mobile station in the first target base station and atemporary station identifier used to protect location privacy of themobile station.

The method may further include transmitting a ranging code to the firsttarget BS to perform the network (re)entry, and receiving a rangingresponse message including allocation information about a resourceregion allocated for a ranging procedure, as a response to the rangingcode. The ranging request message may be transmitted in the resourceregion indicated by the allocation information.

The valid security information can be able to include a Cipher-basedmessage authentication code (CMAC) tuple.

In another aspect of the present invention, provided herein is a system,device and method for performing an uncontrolled handover, the methodincluding receiving a ranging request message including an ID of aserving BS and a first ID used in the serving BS from an MS duringnetwork (re)entry with the MS, and transmitting to the MS a rangingresponse message including security information valid in a target BS anda second ID for identifying the MS.

The first identifier may be a station identifier (STID) uniquelyidentifying the mobile station in the serving base station, and thesecond identifier may be one of a station identifier uniquelyidentifying the mobile station in the first target base station and atemporary station identifier used to protect location privacy of themobile station.

The valid security information may include a Cipher-based messageauthentication code (CMAC) tuple.

The method may further include receiving a ranging code from the MS toperform the network (re)entry, and transmitting to the MS a rangingresponse message including allocation information about a resourceregion allocated for a ranging procedure, as a response to the rangingcode. The ranging request message may be received in the resource regionindicated by the information.

The method may further include transmitting a request message requestinginformation about the MS to the serving BS identified by the ID of theserving BS, and receiving a response message including the informationabout the MS from the serving BS. The information about the MS mayinclude a MAC address of the MS.

In a further aspect of the present invention, provided herein is an MSfor performing an uncontrolled handover, the MS including a transmissionmodule for controlling transmission of messages used for theuncontrolled handover, a reception module for controlling reception ofmessages used for the uncontrolled handover, a memory for storingparameters and information elements used for the uncontrolled handover,and a processor for controlling the uncontrolled handover. The processormay control the uncontrolled handover by transmitting a ranging requestmessage to a first target BS through the transmission module to performnetwork (re)entry to the first target BS, the ranging request messageincluding an ID of a serving BS and a first ID used in the serving BSand by receiving a ranging response message including valid securityinformation and a second ID for identifying the mobile station from thefirst target BS through the reception module.

The reception module may receive a handover command message includinghandover information and information about candidate BSs from theserving BS and transmit the handover command message to the processor.The processor may store the handover information in the memory andperform the uncontrolled handover based on the handover information.

The handover information may include at least one of an action timeparameter indicating a start of the network (re)entry, a handoverranging code used in a candidate base station, and a ranging opportunityused in the candidate base station.

If the MS performs the uncontrolled handover, the processor transmits ahandover indication message including an event code indicating theuncontrolled handover and an ID of the first target BS being thepreferred target BS of the MS to the serving BS through the transmissionmodule.

The first identifier may be a station identifier (STID) uniquelyidentifying the mobile station in the serving base station, and thesecond identifier may be one of a station identifier uniquelyidentifying the mobile station in the first target base station and atemporary station identifier used to protect location privacy of themobile station.

The valid security information may include a Cipher-based messageauthentication code (CMAC) tuple.

The processor may control the uncontrolled handover by transmitting aranging code to the first target BS through the transmission module toperform the network (re)entry and receiving a ranging response messageincluding allocation information about a resource region allocated for aranging procedure through the reception module, as a response to theranging code. The processor may control the transmission module totransmit the ranging request message in the resource region indicated bythe allocation information.

In a further aspect of the present invention, provided herein is anmethod for performing an uncontrolled handover in a mobilecommunications terminal, the method comprises the steps of determiningwhether or not a resource retain timer of a serving base station hasexpired; if the resource retain timer has not expired, initiating theuncontrolled handover by transmitting a ranging request message to atarget base station to perform network (re)entry to the target basestation, the ranging request message including an identifier of theserving base station and a first temporary identifier for identifyingthe mobile communications terminal by the serving base station; andreceiving a ranging response message from the target base station, theranging response message including security information and a secondtemporary identifier for identifying the mobile communications terminalby the target base station.

The method further comprises a step of initiating the uncontrolledhandover when the target base station is previously determined to be apreferred target base station of the mobile communications terminal andthe target base station is not a candidate base station recommended bythe serving base station, or when the mobile communications terminalcannot reach any candidate base station recommended by the serving basestation.

The method further comprises a step of receiving a handover commandmessage from the serving base station, the handover command messageincluding handover information and information about the candidate basestation.

The handover information may include at least one of an action timeparameter indicating a start of the network (re)entry, a handoverranging code used in the candidate base station, and a rangingopportunity used in the candidate base station.

The method further comprises a step of transmitting a handoverindication message to the serving base station, the handover indicationmessage including an event code indicating a start of the uncontrolledhandover and an identifier that identifies the target base station asbeing the preferred target base station of the mobile communicationsterminal.

The method further comprises steps of transmitting a ranging code to thetarget base station to perform the network (re)entry; and receiving aranging response message including allocation information about aresource region allocated for a ranging procedure, as a response to theranging code, wherein the ranging request message is transmitted in theresource region indicated by the allocation information.

The security information may include a Cipher-based messageauthentication code (CMAC) tuple.

The method further comprises, a step of transmitting a second rangingrequest message to the target base station to perform network (re)entryto the target base station, the ranging request message including apermanent identifier of the mobile terminal, when the resource retaintimer has not expired; and receiving a ranging response message from thetarget base station, the ranging response message including securityinformation and a third temporary identifier for identifying the mobilecommunications terminal.

In a further aspect of the present invention, provided herein is amethod for performing an uncontrolled handover between a mobilecommunications terminal, a serving base station and a target basestation, comprising: if a resource retain timer of the serving basestation has not expired, initiating the uncontrolled handover uponreceiving at the target base station a ranging request message from themobile communications terminal, including a request from the mobilecommunications terminal to perform network (re)entry to the target basestation, the ranging request message including an identifier of theserving base station and a first temporary identifier for identifyingthe mobile communications terminal by the serving base station; andtransmitting a ranging response message from the target base station tothe mobile communications terminal, the ranging response messageincluding security information and a second temporary identifier foridentifying the mobile communications terminal by the target basestation.

The uncontrolled handover is able to being initiated by the mobilecommunications terminal when the mobile communications terminal haspreviously determined the target base station to be a preferred targetbase station of the mobile communications terminal and the target basestation is not a candidate base station recommended by the serving basestation, or when the mobile communications terminal cannot reach anycandidate base station recommended by the serving base station.

The method further comprises a step of transmitting handover informationand base station information from the target base station to the servingbase station for inclusion in a handover command message to betransmitted by the serving base station to the mobile communicationsterminal.

The handover information may includes at least one of an action timeparameter indicating a start of the network (re)entry, a handoverranging code used in the candidate base station, and a rangingopportunity used in the target base station.

The method further comprises steps of receiving in the target basestation a ranging code from the mobile communications terminal toperform the network (re)entry; and transmitting, from the target basestation to the mobile communications terminal, a ranging responsemessage including allocation information about a resource regionallocated for a ranging procedure, as a response to the ranging code,wherein the ranging request message is transmitted in the resourceregion indicated by the allocation information.

The security information may include a Cipher-based messageauthentication code (CMAC) tuple.

The method further comprises steps of receiving, from the mobilecommunications terminal at the target base station, a second rangingrequest message to perform network (re)entry to the target base station,when the resource retain timer has not expired, and wherein the rangingrequest message including a permanent identifier of the mobile terminal;and transmitting a ranging response message from the target base stationto the mobile communications terminal, the ranging response messageincluding security information and a third temporary identifier foridentifying the mobile communications terminal.

In a further aspect of the present invention, provided herein is amobile communications terminal configured to perform uncontrolledhandover, comprising: a transmitter module; a receiver module; a memory;and a processor operatively connected to the transmitter module, thereceiver module and the memory, the processor configured to determinewhether or not a resource retain timer of a serving base station hasexpired.

If the resource retain timer has not expired, the processor of themobile communications terminal initiates the uncontrolled handover bytransmitting a ranging request message to a target base station toperform network (re)entry to the target base station, the rangingrequest message including an identifier of the serving base station anda first temporary identifier for identifying the mobile communicationsterminal by the serving base station, and receives a ranging responsemessage from the target base station, the ranging response messageincluding security information and a second temporary identifier foridentifying the mobile communications terminal by the target basestation.

The processor is configured to initiate the uncontrolled handover whenthe target base station is previously determined to be a preferredtarget base station of the mobile communications terminal and the targetbase station is not a candidate base station recommended by the servingbase station, or when the mobile communications terminal cannot reachany candidate base station recommended by the serving base station.

The processor is further configured to receive a handover commandmessage from the serving base station, the handover command messageincluding handover information and information about the candidate basestation.

The handover information may include at least one of an action timeparameter indicating a start of the network (re)entry, a handoverranging code used in the candidate base station, and a rangingopportunity used in the candidate base station.

The processor is able to being configured to transmit a handoverindication message to the serving base station, the handover indicationmessage including an event code indicating a start of the uncontrolledhandover and an identifier that identifies the target base station asbeing the preferred target base station of the mobile communicationsterminal.

The processor is able to being configured to transmit a ranging code tothe target base station to perform the network (re)entry, and receive aranging response message including allocation information about aresource region allocated for a ranging procedure, as a response to theranging code, and wherein the ranging request message is transmitted inthe resource region indicated by the allocation information.

The security information may include a Cipher-based messageauthentication code (CMAC) tuple. If the resource retain timer has notexpired, the processor is configured to transmit a second rangingrequest message to the target base station to perform network (re)entryto the target base station, the ranging request message including apermanent identifier of the mobile terminal, and receive a rangingresponse message from the target base station, the ranging responsemessage including security information and a third temporary identifierfor identifying the mobile communications terminal. The foregoingaspects of the present invention are merely part of preferredembodiments of the present invention and thus it is to be understood tothose skilled in the art that various embodiments reflecting thetechnical aspects of the present invention can be implemented based onthe following detailed description of the present invention.

Exemplary embodiments of the present invention have the followingeffects.

Firstly, a user can perform an efficient and reliable HO.

Secondly, when an MS performs an uncontrolled HO, the location privacyof the MS can be supported.

Thirdly, when an MS performs an uncontrolled HO, an STID can beefficiently allocated to the MS, for use in a target BS.

It will be appreciated by persons skilled in the art that the effectsthat could be achieved with the present invention are not limited towhat has been particularly described hereinabove and the above and otheradvantages of the present invention will be more clearly understood fromthe following detailed description taken in conjunction with theaccompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are included to provide a furtherunderstanding of the invention, illustrate embodiments of the inventionand together with the description serve to explain the principle of theinvention.

FIG. 1 is a flowchart illustrating an overall HandOver (HO) procedure inan Institute of Electrical and Electronics Engineers (IEEE) 802.16esystem.

FIG. 2 is a diagram illustrating a signal flow for an overall HandOver(HO) procedure in an IEEE 802.16m system.

FIG. 3 is a diagram illustrating a case where a Mobile Station (MS)performs an uncontrolled HO to a preferred neighbor BS.

FIG. 4 is a diagram illustrating a signal flow for a method forperforming a handover to a neighbor BS, when an MS fails in a handoverto a target BS.

FIG. 5 is a diagram illustrating a signal flow for a method forperforming a handover to a neighbor BS, when an MS fails in a handoverto a target BS according to an exemplary embodiment of the presentinvention.

FIG. 6 is a diagram illustrating a signal flow for a method forperforming a handover to a neighbor BS, when an MS fails in a handoverto a target BS according to another exemplary embodiment of the presentinvention.

FIG. 7 is a diagram illustrating a signal flow for a method forperforming a handover to a neighbor BS, when an MS fails in a handoverto a target BS according to another exemplary embodiment of the presentinvention.

FIG. 8 is a diagram illustrating a signal flow for a method forperforming a handover to a neighbor BS, when an MS fails in a handoverto a target BS according to an exemplary embodiment of the presentinvention.

FIG. 9 is a block diagram of an MS and a BS for performing the exemplaryembodiments of the present invention illustrated in FIGS. 2 to 8,according to a further exemplary embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Exemplary embodiments of the present invention provide a variety ofmethods and apparatuses for performing an efficient and reliablehandover, for application to various wireless access systems.

Exemplary embodiments described hereinbelow are combinations of elementsand features of the present invention. The elements or features may beconsidered selective unless otherwise mentioned. Each element or featuremay be practiced without being combined with other elements or features.Further, an embodiment of the present invention may be constructed bycombining parts of the elements and/or features. Operation ordersdescribed in embodiments of the present invention may be rearranged.Some constructions of any one embodiment may be included in anotherembodiment and may be replaced with corresponding constructions ofanother embodiment.

In the description of the attached drawings, a detailed description ofprocedures or steps that might obscure the subject matter of the presentinvention will be omitted. Also, procedures or steps that may beunderstood by those skilled in the art will not be described.

In exemplary embodiments of the present invention, a description is madeof a data transmission and reception relationship between a BS and anMS. Herein, the term ‘BS’ refers to a terminal node of a network, whichcommunicates directly with the MS. In some cases, a specific operationdescribed as performed by the BS may be performed by an upper node ofthe BS.

Namely, it is apparent that, in a network comprised of a plurality ofnetwork nodes including a BS, various operations performed forcommunication with an MS may be performed by the BS, or network nodesother than the BS. The term ‘BS’ may be replaced with the term ‘fixedstation’, ‘Node B’, ‘eNode B (eNB)’ or ‘Advanced Base Station (ABS),‘access point’, etc.

Also, the term ‘MS’ may be replaced with the term ‘User Equipment (UE)’,‘Subscribe Station (SS)’, Mobile Subscriber station, ‘mobile terminal,‘Advanced Mobile Station (AMS)’ or ‘terminal’, etc.

A transmitter is a fixed and/or mobile node that provides data or voiceservice and a receiver is a fixed and/or mobile node that receives dataor voice service. Therefore, an MS may be a transmitter and a BS may bea receiver, for an uplink. For a downlink, the MS may be a receiver andthe BS may be a transmitter.

The exemplary embodiments of the present invention may be supported bystandard documents disclosed for at least one of an Institute ofElectrical and Electronics Engineers (IEEE) 802 system, a 3^(rd)Generation Partnership Project (3GPP) system, a 3GPP Long Term Evolution(LTE) system, and a 3GPP2 system. That is, steps or parts that are notdescribed herein to clarify the subject matter of the present inventionin the exemplary embodiments of the present invention may be supportedby the documents.

All terms used in the specification may be described according to thestandard documents. Especially, the exemplary embodiments of the presentinvention may be supported by at least one of the following IEEE 802.16standard documents, P802.16e-2004, P802.16e-2005, P802.16Rev2, andP802.16m, the entire contents of which being incorporated herein byreference.

Now, the above and other aspects of the present invention will bedescribed in detail through preferred embodiments with reference to theaccompanying drawings. The detailed description is intended to explainexemplary embodiments of the present invention, rather than to show theonly embodiments that can be implemented according to the invention.

Specific terms used in the exemplary embodiments of the presentinvention are provided to help better understanding of the presentinvention, and these specific terms may be replaced with other termswithin the scope of the present invention.

For example, the term ‘uncontrolled Handover (HO)’ may beinterchangeably used with ‘un-coordinated HO’ or ‘uncooperative HO’.

FIG. 1 is a flowchart illustrating an overall HO procedure in anInstitute of Electrical and Electronics Engineers (IEEE) 802.16e system.

Referring to FIG. 1, an MS selects a cell during an HO and initialnetwork entry in steps S101 and S102. The cell selection is the processof scanning or ranging one or more BSs to search for an ABS with whichthe MS will establish a network connection or perform an HO. The MSshould schedule a scanning interval or a sleeping interval to make adecision as to whether a BS is available for initial network entry or asa target BS for an HO.

In step S103, the MS acquires synchronization to a service BS andreceives downlink parameters from the service BS during the initialnetwork entry. The service BS refers to a BS that provides a service ina network that the MS intends to enter at the moment. The service BS maybe called a serving BS. After acquiring synchronization to the serviceBS, the MS acquires uplink parameters from the service BS in step S104and adjusts the uplink parameters by performing a ranging procedure withthe service BS in step S105. The MS and the service BS have establishedbasic capabilities for communications between them in the aboveprocedure in step S106. In step S107, the service BS authorizes the MSand exchanges encryption keys with the MS. Thus, the MS is registered tothe service BS in step S108 and an Internet Protocol (IP) connection isestablished between them in step S109.

The service BS transmits operation parameters to the MS so that the MSmay perform a communication procedure in step S110 and a connection isestablished between the MS and the service BS in step S111. The MS andthe service BS are now capable of normal operations in step S112. Instep S113, the MS searches neighbor BSs continuously even during anormal operation with the BS.

The reason for performing step S113 is to search for a neighbor BS thatmay provide a better service, as the MS gets farther from the service BSduring movement and thus the quality of a service from the service BS isdecreased. This neighbor BS is called a target BS and the MS may performan HO by searching for the target BS.

In general, HO occurs when an MS moves from a service BS to a target BS.The HO is the process of switching a radio interface, a service flow, anetwork access point, etc. from the service BS to the target BS by theMS. In step S114, the HO starts with a decision on an HO made by the MS,the service BS, or a network manager.

The MS selects a target BS in step S115. In step S116, the MS acquiressynchronization to the target BS and downlink parameters from the targetBS. The MS acquires uplink parameters from the target BS in step S117and ranges the target BS and adjusts the uplink parameters with thetarget BS in step S118. If the MS has already received an NBR-ADVmessage including an Identifier (ID) and frequency of the target BS, andan Uplink/Downlink Channel Descriptor (UCD/DCD), the scanning andsynchronization procedure may be simplified. If the target BS hasreceived an HO notification from the service BS over a backbone network,it may provide a non-contention-based initial ranging opportunity to theMS by an Uplink-MAP (UL-MAP) message.

In step S119, the MS and the target BS have established basiccapabilities in the above procedure. The MS and the target BS start anetwork re-entry procedure by ranging. In step S120, the MS performsre-registration and re-establishes a connection with the target BS.Thus, the MS is registered to the target BS in step S121 and an IPconnection is re-established between the MS and the target BS in stepS122. The target BS is now the service BS of the MS and capable ofproviding a service to the MS.

Regarding the HO in FIG. 1, the MS may select a cell based oninformation about neighbor BSs acquired by scanning and decide on an HOfrom the service BS to a target BS. After the HO decision, the MSacquires synchronization to the target BS and performs a rangingprocedure with the target BS. The MS is then re-authorized. During there-authorization, the target BS may request information about the MS tothe service BS by a backbone message.

A handover and network re-entry procedure may be simplifiedsignificantly depending on information about the MS that the target BSpreserves. Also, some network entry procedures may be omitted accordingto the amount of the MS information that the target BS has.

While an MS-initiated HO has been mainly described in FIG. 1, theserving BS may determine whether the MS is to perform an HO, taking intoaccount the communication status between the MS and the serving BS. Evenwhen the serving BS decides on the HO, the HO may be performed in asimilar manner to the procedure illustrated in FIG. 1.

HO in IEEE 802.16m

FIG. 2 is a diagram illustrating a signal flow for an overall HOprocedure in an IEEE 802.16m system.

In the IEEE 802.16m system, an HO procedure may largely involve (1) HOdecision and initiation, (2) HO preparation, and (3) HO execution.

Before performing these three procedures, an AMS needs to perform ascanning procedure in which it collects information about neighborAdvanced Base Stations (ABSs). The scanning procedure is similar to thescanning procedure in the IEEE 802.16e network. For example, when thereis a non-communication period in which the AMS does not communicate witha Serving ABS (S-ABS), the AMS may scan neighbor ABSs during thenon-communication period.

In the HO decision and initiation procedure, either the AMS or the S-ABSmay initiate an HO. In the IEEE 802.16m system, the MS initiates an HOunder the following conditions.

-   -   1. A condition that defines when the AMS will report scanning        measurements to the S-ABS.    -   2. HO initiation by transmitting an AAI_HO-REQ message by the        AMS.    -   3. A condition that defines when the AMS cannot maintain        communication with the S-ABS.

When the AMS performs an HO to a Target ABS (T-ABS), the S-ABSdetermines whether Entry Before Break (EBB) or Break Before Entry (BBE)is to be performed.

In FIG. 2, part (A) indicates an S-ABS-initiated HO and part (B)indicates an AMS-initiated HO.

Referring to part (A) of FIG. 2, the S-ABS may negotiate a condition forHO execution and resources to be allocated to the AMS with one or moreT-ABSs in order to perform a coordinated HO.

The S-ABS may transmit AMS information to the one or more T-ABSs by anHO-REQ message in step S210.

Each of the one or more T-ABSs may transmit to the S-ABS HO informationincluding at least one of a dedicated ranging code and a rangingopportunity that are available to the AMS in the T-ABS by an HO-RSPmessage in step S212. The HO-RSP message may further include at leastone of a Station ID (STID) for use in the T-ABS and a security context(e.g. nonce).

The S-ABS may transmit to the AMS HO information about the one or morecandidate ABSs (e.g. target BSs) by a handover command (AAI_HO-CMD)message in step S214.

The AAI_HO-CMD message may further include action time and disconnecttime parameters. The action time parameter indicates a time when the AMSis supposed to perform network re-entry and the disconnect timeparameter indicates a time when the S-ABS is supposed to release uplinkand downlink resources from the AMS.

Referring to part (B) of FIG. 2, when an HO condition is satisfied, theAMS may request an HO to the S-ABS by a handover request (AAI_HO-REQ)message in step S220.

Upon receipt of the AAI_HO-REQ message from the AMS, the S-ABS maytransmit an HO-REQ message including AMS information about the AMS tothe one or more candidate ABSs in step S222.

Steps S224 and S226 are identical to steps S212 and S214 and thus aredundant description of steps S224 and S225 will not be providedherein. Steps S210, S212, S214, S220, S222, S224 and S226 may correspondto the HO preparation procedure. The STID of the AMS may be updatedpreliminarily between the AMS and the T-ABSs and the security context(e.g. nonce) of the AMS may be updated in advance through transmissionand reception of security information between the AMS and the T-ABSs, inthe HO preparation procedure. Also, dedicated ranging codes may beallocated to the AMS, for use in the T-ABSs.

After the HO preparation procedure, the AMS may selectively transmit anAAI_HO-IND message to the S-ABS in step S228.

The AAI_HO-IND message may include an event code described in Table 1below.

TABLE 1 Syntax Size Note AAI_HO-IND( ){ ~ ~ ~ Code variable Code 1:T-BAS selection for multiple candidate T- ABS case. Code 2: All targetABSs in AAI_HO-CMD are unreachable. Code 3: AMS unable to stayconnection to serving ABS until expiration of disconnection time Code 4:HO cancellation ~ ~ ~ }

Referring to Table 1, when the AMS transmits the AAI_HO-IND message tothe S-ABS, it may set an event code in the AAI_HO-IND message. If theevent code is set to ‘1’ (=Code 1), it means that the AMS has selectedone of a plurality of candidate ABSs. If the event code is set to ‘2’(=Code 2), this implies that the AMS cannot reach any of the candidateABSs and the AMS may perform an uncontrolled HO procedure later. In thiscase, the AMS includes a newly selected T-ABS in the AAI_HO-IND message.

If the event code is set to ‘3’ (=Code 3), this implies that the AMScannot maintain the connection to the S-ABS until a disconnect time setby the S-ABS expires. If the event code is set to ‘4’ (=Code 4), thisimplies that the AMS cancels the HO.

That is, when the AMS receives an AAI_HO-CMD message including HOinformation about a plurality of candidate ABSs from the S-ABS, the AMSnotifies the S-ABS of a final target ABS to which the AMS will performthe HO by an AAI_HO-IND message.

If the S-ABS sets only one candidate ABS in the AAI_HO-CMD message, theAMS does not need to notify the S-ABS of its chosen T-ABS by theAAI_HO-IND message. When the HO is cancelled or some problem occurs tothe HO during the HO, the AMS may also transmit information about the HOcancellation or the HO problem to the S-ABS by the AAI_HO-IND message.That is, the AAI_HO-IND message is optional, not mandatory.

The HO execution procedure may be carried out at a time indicated by theaction time parameter. That is, the AMS may perform a network re-entryprocedure with the T-ABS at the time indicated by the action timeparameter in step S230.

The AMS may transmit a CDMA ranging code or an AAI_RNG-REQ message tothe T-ABS at the action time to perform the network re-entry procedurein step S230.

In case of EBB, the AMS may communicate with the S-ABS during apredetermined Available Interval (AI) during the network re-entry.Meanwhile, during an Un-Available Interval (UAI), the AMS may performthe network re-entry to the T-ABS in step S240.

On the other hand, in case of BBE, the AI or the UAI is not determined.Therefore, the AMS operates in the same manner as for hard HO in thelegacy IEEE 802.16e network.

Upon completion of the network re-entry, the T-ABS transmits an HO-CMPLTmessage to the S-ABS in step S250 and a data path is established betweenthe AMS and the T-ABS in step S260.

The HO procedure illustrated in FIG. 2 may be called a controlled HO orcoordinated HO. The messages and parameters as described with referenceto FIG. 2 may be applicable to the following exemplary embodiments ofthe present invention. Under certain conditions, the messages andparameters may be changed or modified.

Uncontrolled HO

An uncontrolled or uncoordinated HO may occur to the AMS during acoordinated HO procedure in progress. In this case, the AMS shouldperform ranging with the T-ABS in the same manner as for initial networkentry.

There are largely two types of uncontrolled or uncoordinated HO. A firsttype, Type 1 occurs when the AMS prefers none of candidate ABSs that theS-ABS set in the AAI_HO-CMD message (a case of an uncoordinated ABS). Asecond type, Type 2 is triggered when the AMS has attempted networkre-entry to the T-ABS but failed in transmitting a CDMA ranging code tothe T-ABS or transmitting and receiving ranging messages to and from theT-ABS (a case of an unreachable T-ABS).

FIG. 3 is a diagram illustrating a case where the AMS performs anuncontrolled HO of Type 1 to its preferred neighbor ABS.

It is assumed in FIG. 3 that an STID of 2 is allocated to the AMS, aBSID of the S-ABS is 3, and first and second T-ABSs among candidate ABSshave a BSID of 4 and a BSID of 5, respectively.

Referring to FIG. 3, the AMS may transmit an AAI_HO-REQ message to theS-ABS to initiate an HO in step S301. NINA Step S301 may be performedonly in case of an AMS-initiated HO, not in case of an ABS-initiated HO.In other words, step S301 is optional according to an HO situation.

The S-ABS with BSID=3 may transmit an AAI_HO-REQ message including AMSinformation about the AMS to one or more candidate ABSs. The AMSinformation may include a MAC address and/or an AMS context of the AMS,etc. For notational simplicity, it is assumed that the S-ABS transmitsan HO-REQ message to the first T-ABS with BSID=4 in step S302.

The first T-ABS with BSID=4 may transmit an HO-RSP message including HOinformation such as a dedicated ranging code, a ranging opportunity, anaction time parameter, a UAI/AI, etc. for use in network re-entry of theAMS to the S-ABS over the backbone network in step S303.

Also, the HO-RSP message may further include an action time parameterindicating a time when network entry is performed and/or a resourceretain time parameter indicating a time period for which informationassociated with the S-ABS is maintained.

The S-ABS may transmit an AAI_HO-CMD message including HO informationand information about recommended candidate ABSs to the AMS in stepS304. The information about recommended candidate ABSs may be IDs of therecommended candidate ABSs (e.g. BSID=4) or a list of the recommendedcandidate ABSs.

The AMS may prefer a T-ABS other than the recommended candidate ABSs setin the AAI_HO-CMD message. The AMS may then transmit an AAI_HO-INDmessage including an event code set to 2 (Code 2) and the ID of apreferred T-ABS, BSID=5 to the S-ABS in step S305. In this manner, theAMS may perform an uncontrolled HO to the second T-ABS (BSID=5).

Because an HO preparation procedure has not been carried out between thesecond T-ABS with BSID=5 and the S-ABS, the second T-ABS and the AMS maynot update security information and/or the STID of the AMS in advance.As a consequence, the location privacy of the AMS may be vulnerable toviolation.

To support the location privacy of the AMS, the AMS and the second T-ABSshould perform a network re-entry procedure by use of a hashed MACaddress, or the MAC address and temporary STID of the AMS. In thissituation, without coordination between the S-ABS and the second T-ABS,a security context associated with the AMS is not shared between the twoABSs. Therefore, no HO optimization is performed.

The AMS may move into the cell area of the second T-ABS with BSID=5 thatit prefers and receive a preamble or a SuperFrame Header (SFH) broadcastperiodically from the second T-ABS. That is, the AMS may acquiredownlink synchronization to the second T-ABS using the preamble or theSFH in step S306.

In step S307, the AMS may transmit a contention-based CDMA ranging codeto the second T-ABS in the earliest ranging opportunity after thedownlink synchronization acquisition in order to perform the networkre-entry to the second T-ABS.

Upon receipt of the CDMA ranging code, the second T-ABS may allocate aresource area to the AMS, in which the AMS and the T-ABS will transmitand receive ranging messages. Thus, the second T-ABS may transmit anAAI_RNG-RSP message including information about the allocated radioresources to the AMS in step S308.

The AMS may transmit an AAI_RNG-REQ message in the allocated resourcearea to the second T-ABS in step S309. The AAI_RNG-REQ message mayinclude a valid Cipher-based Message Authentication Code (CMAC) tuple.

The second T-ABS may transmit to the AMS a temporary STID that the AMSwill use in the second T-ABS and a CMA tuple valid in the second T-ABSin step S310.

The AMS and the second T-ABS may negotiate capabilities using thetemporary STID in step S311 and may update a nonce in an authorizationphase in step S312.

The second T-ABS may also allocate an AMS-specific STID to the AMS byexchanging management messages with the AMS in step S313.

The AMS, which has established a connection to the second T-ABS, maytransmit and receive data reliably to and from the second T-ABS usingthe STID in step S314.

FIG. 4 is a diagram illustrating a signal flow for a method forperforming an uncontrolled HO of Type 2 to a neighbor ABS, when the AMSfails in an HO to a T-ABS.

In the illustrated case of FIG. 4, the AMS fails in an HO to a T-ABSrecommended by the S-ABS due to an unintended error and performs an HOto another T-ABS in an uncontrolled fashion, without notifying the S-ABSof this situation. Steps S401 to S404 are identical to steps S301 toS304 of FIG. 3. Therefore, FIG. 3 is referred to for steps S401 to S404.

Referring to FIG. 4, the AMS may transmit a CDMA ranging code to thefirst T-ABS with BSID=4 at an action time to perform an HO to the firstT-ABS. However, the AMS may fail in transmitting the CDMA ranging codewithin a ranging opportunity time limit due to its channel status instep S405.

Thus, the AMS may perform an uncontrolled HO to the second T-ABS. StepsS406 to S414 are identical to steps S306 to S314. Hence, FIG. 3 may bereferred to for steps S406 to S414.

The uncontrolled HO has been described with reference to FIGS. 3 and 4.The HO procedure illustrated in FIGS. 1 and 2 is for a controlled orcoordinated HO being the counterpart of the uncontrolled HO.

FIG. 5 is a diagram illustrating a signal flow for a method forperforming a handover to a neighbor BS, when an MS fails in a handoverto a target BS according to an exemplary embodiment of the presentinvention.

FIG. 5 discloses a method for being allocated a STID uniquelyidentifying the AMS in a target base station when the AMS performsnetwork re-entry to the T-ABS in an uncontrolled HO situation. In theillustrated case of FIG. 5, an uncontrolled HO of Type 2 as describedwith reference to FIG. 4 is performed.

Referring to FIG. 5, in spite of an HO of the AMS, the S-ABS may keepinformation about the AMS as long as the value of a resource retaintimer, without immediately deleting the AMS information. Therefore, incase where the AMS returns to the S-ABS or another T-ABS requests theAMS information to the S-ABS during an uncontrolled HO, the S-ABS mayprovide a service again immediately to the AMS or rapidly transmit theAMS information to the T-ABS.

That is, during the uncontrolled HO of the AMS to the T-ABS, if theT-ABS has knowledge of the S-ABS from which the AMS has moved, it mayrequest the AMS information to the S-ABS, thereby guaranteeing locationprivacy to the AMS and efficiently performing a remaining HO procedureor a network re-entry procedure.

However, upon expiration of the resource retain timer of the S-ABS thathas provided a service to the AMS, the AMS should perform a rangingprocedure the same as or similar to an initial network entry to theT-ABS. (The AMS is aware of when the resource retain timer of the S-ABSexpires.) That is, the AMS should include the AMS's MAC address insteadof the valid Cipher-based Message Authentication Code (CMAC) tuple. Theexpired timer entry request/re-entry request may also include the S-ABSID, so that the T-ABS has the option of querying the prior base stationfor information regarding the AMS.

Steps S501 to S507 of FIG. 5 are identical to steps S401 to S407 of FIG.4. Thus, the description of FIGS. 3 and 4 may be referred to for stepsS501 to S507.

Upon receipt of a contention-based CDMA ranging code from the AMS, thesecond T-ABS with BSID=5 may allocate a resource area to the AMS, sothat the AMS performs network re-entry to the second T-ABS in theresource region. Information about the allocated resource region may beincluded in a CDMA allocation Information Element (IE). The second T-ABSmay transmit an AAI_RNG-RSP message including the CDMA allocation IE tothe AMS in step S508.

The AMS may transmit an AAI_RNG-REQ message in the allocated resourceregion indicated by the CDMA allocation IE to the second T-ABS in stepS509. The AAI_RNG-REQ message may include the BSID (=3) of the old S-ABSand the STID (=2) of the AMS used in the old S-ABS.

Upon receipt of the AAI_RNG-REQ message from the AMS, the second T-ABSmay be aware of the old S-ABS of the AMS from the BSID set in theAAI_RNG-REQ message. Accordingly, the second T-ABS may request AMSinformation corresponding to the STID of the AMS to the S-ABS in stepS510.

Upon receipt of the AMS-related request from the second T-ABS within atime period set to the resource retain timer, the S-ABS may transmit theAMS information associated with the AMS to the second T-ABS in stepS511. The AMS information may include at least one of the MAC address ofthe AMS, information about the basic capabilities of the AMS, securityparameters (e.g. security performance, an authentication key (AK),etc.), and a nonce.

The second T-ABS may authenticate the AMS using the security parameters,the nonce, the AK, etc. that it shares in steps S512 a and S512 b.

The second T-ABS may reply to the AAI_RNG-REQ message with anAAI_RNG-RSP message including a new STID uniquely allocated to the AMS,an updated nonce, etc. to the AMS in step S513. The AAI_RNG-RSP messagemay further include a CMAC tuple valid in the second T-ABS.

If the authentication procedure of steps S512 a and S512 b is performedafter the HO ranging procedure, the second T-ABS may transmit atemporary STID instead of the new STID to the AMS by the AAI_RNG-RSPmessage in order to protect the MAC address of the AMS.

In step S514, the AMS may exchange information with the second T-ABSnormally using the allocated STID.

FIG. 6 is a diagram illustrating a signal flow for a method forperforming an HO to a neighbor ABS, when an AMS fails in an HO to aT-ABS according to another exemplary embodiment of the presentinvention.

FIG. 6 illustrates a method for efficiently allocating an STID specificto an AMS by a target ABS, when the AMS performs network re-entry to thetarget ABS in an uncontrolled HO situation. In the illustrated case ofFIG. 6, an uncontrolled HO of Type 1 as described with reference to FIG.3 is performed.

It is assumed in FIG. 6 that an STID of 2 is allocated to the AMS, theBSID of the S-ABS is 3, and the first and second T-ABSs among candidateABSs have a BSID of 4 and a BSID of 5, respectively.

Referring to FIG. 6, the AMS may transmit an AAI_HO-REQ message to theS-ABS to initiate an HO in step S601.

Step S601 may be performed only in case of an AMS-initiated HO, not incase of an ABS-initiated HO. In other words, step S601 is optionalaccording to an HO situation.

The S-ABS with BSID=3 may transmit an AAI_HO-REQ message including AMSinformation about the AMS to one or more candidate ABSs. For notationalsimplicity, it is assumed that the S-ABS transmits an HO-REQ message tothe first T-ABS with BSID=4 in step S602.

The first T-ABS may transmit an HO-RSP message including HO informationsuch as a dedicated ranging code, a ranging opportunity, an action timeparameter, a UAI/AI, etc. for use in network re-entry of the AMS to theS-ABS over the backbone network in step S603.

The S-ABS may transmit an AAI_HO-CMD message including HO informationand information about recommended candidate ABSs (e.g. BSID=4) to theAMS in step S604.

When the AMS intends to perform an HO to a T-ABS other than thecandidate ABSs recommended by the S-ABS, it may transmit an AAI_HO-INDmessage including information about the preferred T-ABS (e.g. BSID=5) tothe S-ABS in step S605. An event code may be set to 2 (Code 2) in theAAI_HO-IND message.

Thus the S-ABS may be aware that the T-ABS to which the AMS intends toperform the HO is the second T-ABS. Accordingly, the S-ABS may providethe AMS information to the second T-ABS by resetting the resource retaintimer, as requested by the user.

The AMS may move into the cell area of the second T-ABS with BSID=5 thatit prefers and receive a preamble or an SFH broadcast periodically fromthe second T-ABS. That is, the AMS may acquire downlink synchronizationto the second T-ABS using the preamble or the SFH in step S606.

In step S607, the AMS may transmit a contention-based CDMA ranging codeto the second T-ABS in the earliest ranging opportunity after thedownlink synchronization acquisition in order to perform the networkre-entry to the second T-ABS.

Upon receipt of the contention-based CDMA ranging code, the second T-ABSmay allocate a resource region to the AMS, so that the AMS performsnetwork re-entry to the second T-ABS in the resource region. Informationabout the allocated resource region may be included in a CDMA allocationIE. The second T-ABS may transmit an AAI_RNG-RSP message including theCDMA allocation IE to the AMS in step S608.

The AMS may transmit an AAI_RNG-REQ message in the allocated resourcearea indicated by the CDMA allocation IE to the second T-ABS in stepS609. The AAI_RNG-REQ message may include the BSID (=3) of the old S-ABSand the STID (=2) of the AMS last used in the old S-ABS.

Upon receipt of the AAI_RNG-REQ message from the AMS, the second T-ABSmay be aware of the old S-ABS of the AMS from the BSID set in theAAI_RNG-REQ message. Accordingly, the second T-ABS may request AMSinformation corresponding to the STID of the AMS to the S-ABS in stepS610.

Upon receipt of the AMS-related request from the second T-ABS within atime period set to the resource retain timer, the S-ABS may transmit theAMS information associated with the AMS to the second T-ABS in stepS611. The AMS information may include at least one of the MAC address ofthe AMS, information about the basic capabilities of the AMS, securityparameters (e.g. security performance, an AK, etc.), and a nonce.

The second T-ABS may authenticate the AMS using the security parameters,the nonce, the AK, etc. that it shares in steps S612 a and S612 b.

The second T-ABS may reply to the AAI_RNG-REQ message with anAAI_RNG-RSP message including a new STID specific to the AMS, an updatednonce, etc. to the AMS in step S613. The AAI_RNG-RSP message may furtherinclude a CMAC tuple valid in the second T-ABS.

If the authentication procedure of steps S612 a and S612 b is performedafter the HO ranging procedure, the second T-ABS may transmit atemporary STID instead of the new STID to the AMS by the AAI_RNG-RSPmessage in order to protect the MAC address of the AMS.

In step S614, the AMS may exchange information with the second T-ABSnormally using the allocated STID or the temporary STID.

FIG. 7 is a diagram illustrating a signal flow for a method forperforming an uncontrolled HO to a neighbor ABS, when an AMS fails in anHO to a T-ABS according to another exemplary embodiment of the presentinvention.

The uncontrolled HO illustrated in FIG. 7 is similar to that illustratedin FIG. 6. Therefore, a description of steps S701 to S705 can bereplaced with that of steps S601 to S605 of FIG. 6.

Referring to FIG. 7, upon receipt of an AAI_HO-IND message from the AMSin step S705, the S-ABS may be aware that a T-ABS to which the AMSintends to perform the HO is the second T-ABS. Accordingly, the S-ABSmay transmit an HO-REQ message including AMS information about the AMSand/or the ID of the S-ABS (BSID=3) to the second T-ABS that the AMSprefers over the backbone network in step S706. The AMS information mayinclude an AMS context, an STID, information about basic capabilities ofthe AMS, security information, and the MAC address of the AMS.

Upon receipt of the HO-REQ message from the S-ABS, the second T-ABS maystore the AMS information for a predetermined time period.

The AMS may move into the cell area of the second T-ABS with BSID=5 thatit prefers and receive a preamble or an SFH broadcast periodically fromthe second T-ABS. That is, the AMS may acquire downlink synchronizationto the second T-ABS using the preamble or the SFH in step S707.

In step S708, the AMS may transmit a contention-based CDMA ranging codeto the second T-ABS in the earliest ranging opportunity after thedownlink synchronization acquisition in order to perform the networkre-entry to the second T-ABS.

Upon receipt of the contention-based CDMA ranging code, the second T-ABSmay allocate a resource area to the AMS, so that the AMS performsnetwork re-entry to the second T-ABS in the resource region. Informationabout the allocated resource region may be included in a CDMA allocationIE. The second T-ABS may transmit an AAI_RNG-RSP message including theCDMA allocation IE to the AMS in step S709.

The AMS may transmit an AAI_RNG-REQ message in the allocated resourceregion indicated by the CDMA allocation IE to the second T-ABS in stepS710. The AAI_RNG-REQ message may include the BSID (=3) of the old S-ABSand the STID (=2) of the AMS used in the old S-ABS lastly.

Upon receipt of the AAI_RNG-REQ message from the AMS, the second T-ABSmay acquire AMS information (e.g. the MAC address) by comparing the AMSinformation and/or the BSID received and stored in step S706 with theBSID of 3 and the STID of 2 set in the AAI_RNG-REQ message.

Accordingly, the second T-ABS and the AMS may perform authenticationswithout an additional procedure in steps S711 a and S711 b.

The second T-ABS may reply to the AAI_RNG-REQ message with anAAI_RNG-RSP message including a new STID specific to the AMS, an updatednonce, etc. to the AMS in step S712. The AAI_RNG-RSP message may furtherinclude a CMAC tuple valid in the second T-ABS.

If the authentication procedure of steps S711 a and S711 b is performedafter the HO ranging procedure, the second T-ABS may transmit atemporary STID instead of the new STID to the AMS by the AAI_RNG-RSPmessage in order to protect the MAC address of the AMS.

In step S713, the AMS may exchange information with the second T-ABSnormally using the allocated STID.

FIG. 8 is a diagram illustrating a signal flow for a method forperforming an HO to a neighbor ABS, when an AMS fails in an HO to aT-ABS according to another exemplary embodiment of the presentinvention.

FIG. 8 is basically based on the same assumption of FIG. 6. Therefore, adescription of steps S801 to S805 of FIG. 8 can be replaced with thedescription of steps S601 to S605 of FIG. 6.

Referring to FIG. 8, the S-ABS with BSID=3 may transmit an HO-REQmessage including AMS information about the AMS to the second T-ABS withBSID=5 in step S806.

The second T-ABS may transmit an HO-RSP message including HO informationsuch as a dedicated ranging code, a ranging opportunity, an action timeparameter, a UAI/AI, etc. for use in network re-entry of the AMS to theS-ABS over the backbone network in step S807.

The S-ABS may transmit an AAI_HO-CMD message including the received HOinformation to the AMS in step S808.

The AMS may move into the cell area of the second T-ABS with BSID=5 thatit prefers and receive a preamble or an SFH broadcast periodically fromthe second T-ABS. That is, the AMS may acquire downlink synchronizationto the second T-ABS using the preamble or the SFH in step S809.

In step S810, the AMS may transmit a CDMA ranging code to the secondT-ABS using the dedicated ranging code and ranging opportunity includedin the HO information received in step S808.

The following ranging procedure between the AMS and the second T-ABS insteps S811 to S817 is identical to steps S608 to S614 of FIG. 6.Therefore, FIG. 6 is referred to for steps S811 to S817.

FIG. 9 is a block diagram of an AMS and an ABS for performing theexemplary embodiments of the present invention illustrated in FIGS. 2 to8, according to a further exemplary embodiment of the present invention.

The AMS may operate as a transmitter on an uplink and as a receiver on adownlink. The ABS may operate as a receiver on the uplink and as atransmitter on the downlink.

The AMS and the ABS may include Transmission (Tx) modules 940 and 950,respectively and Reception (Rx) modules 960 and 970, respectively, tocontrol transmission and reception of information, data, and/ormessages. Also, the AMS and the ABS may include antennas 900 and 910,respectively to transmit and receive the information, data, and/ormessages. The AMS and the ABS may further include processors 920 and930, respectively for implementing the afore-described exemplaryembodiments of the present invention and memories 980 and 990,respectively for temporarily or permanently storing informationgenerated during the operations of the processors 920 and 930.

Especially each of the processors 920 and 930 may include an HO modulefor performing the HO procedures according to the exemplary embodimentsof the present invention, an encryption module (or means) for encryptinga predetermined number of timer messages, and/or a decoding module (ormeans) for interpreting encrypted messages. Also, the AMS and the ABSillustrated in FIG. 9 each may further include a low-power Radiofrequency/Intermediate Frequency (RF/IF) module.

The Tx and Rx modules 940 to 970 of the AMS and the ABS may carry outpacket modulation and demodulation, high-speed packet channel coding,Orthogonal Frequency Division Multiple Access (OFDMA) packet scheduling,and/or channel multiplexing, for data transmission.

The processors 920 and 930 of the AMS and the ABS may perform a controlfunction for an uncontrolled HO according to the present invention, anHO function, an authentication and encryption function, a variable MACframe control function, a real-time high-speed traffic control function,and/or a real-time MODEM control function.

The apparatuses illustrated in FIG. 9 may implement the methodsdescribed with reference to FIGS. 1 to 8. The exemplary embodiments ofthe present invention may be implemented using the components andfunctions of the AMS and ABS apparatuses.

The processor 920 of the AMS may monitor the HO conditions describedbefore with reference to FIGS. 1 and 2. If an HO initiation condition ismet, the processor 920 includes AMS information about the AMS in anAAI_HO-REQ message and controls the Tx module 940 to transmit theAAI_HO-REQ message to an S-ABS through the antenna 900.

The Rx module 960 of the AMS may receive an AAI_HO-CMD message from theS-ABS and provide it to the processor 920. The processor 920 may storeHO information included in the AAI_HO-CMD message in the memory 980 andperform an HO operation based on the HO information.

The processor 920 of the AMS may determine whether to perform theafore-described controlled or uncontrolled HO. It is assumed in theexemplary embodiment of the present invention that the uncontrolled HOis performed. Therefore, the AMS may transmit an AAI_HO-IND message tothe ABS using the processor 920, the Tx module 940, and the antenna 900.

The AMS may perform network re-entry described in FIGS. 3 to 8 to aT-ABS using the HO module of the processor 920 and transmit and receiveassociated messages through the Tx module 940, the Rx module 960, andthe antenna 900. The processor 920 is responsible for controlling the HOprocedure.

The Rx module 970 of the S-ABS may provide an HO-REQ message and/or anHO-IND message received through the antenna 950 to the processor 990.The processor 990 may store AMS information in the memory 990 andtransmit an AAI_HO-CMD message including HO information to the AMSthrough the Tx module 950.

The T-ABS may perform the network re-entry procedure described withreference to FIGS. 3 to 8 with the AMS using its antenna, Tx module andRx module. That is, the T-ABS may manage an HO procedure using the HOmodule of the processor and transmit and receive messages required forimplementing the HO procedure to and from the AMS.

Meanwhile, the MS or AMS may be any of a Personal Digital Assistant(PDA), a cellular phone, a Personal Communication Service (PCS) phone, aGlobal System for Mobile (GSM) phone, a Wideband Code Division MultipleAccess (WCDMA) phone, a Mobile Broadband System (MBS) phone, a hand-heldPC, a laptop PC, a smart phone, a Multi Mode-Multi Band (MM-MB)terminal, etc.

The smart phone is a terminal taking the advantages of both a mobilephone and a PDA. It incorporates the functions of a PDA, that is,scheduling and data communications such as fax transmission andreception and Internet connection into a mobile phone. The MB-MMterminal refers to a terminal which has a multi-modem chip built thereinand which can operate in any of a mobile Internet system and othermobile communication systems (e.g. CDMA 2000, WCDMA, etc.)

The exemplary embodiments of the present invention may be achieved byvarious means, for example, hardware, firmware, software, or acombination thereof.

In a hardware configuration, a method for transmitting an uplink signalaccording to exemplary embodiments of the present invention may beachieved by one or more Application Specific Integrated Circuits(ASICs), Digital Signal Processors (DSPs), Digital Signal ProcessingDevices (DSPDs), Programmable Logic Devices (PLDs), Field ProgrammableGate Arrays (FPGAs), processors, controllers, microcontrollers,microprocessors, etc.

In a firmware or software configuration, the methods according to theexemplary embodiments of the present invention may be implemented in theform of a module, a procedure, a function, etc. performing theabove-described functions or operations. For example, software code maybe stored in the memories 980 and 990 and executed by the processors 920and 930. The memories are located at the interior or exterior of theprocessors and may transmit and receive data to and from the processorvia various known means.

Those skilled in the art will appreciate that the present invention maybe carried out in other specific ways than those set forth hereinwithout departing from the spirit and essential characteristics of thepresent invention. The above embodiments are therefore to be construedin all aspects as illustrative and not restrictive. The scope of theinvention should be determined by the appended claims and their legalequivalents, not by the above description, and all changes coming withinthe meaning and equivalency range of the appended claims are intended tobe embraced therein. It is obvious to those skilled in the art thatclaims that are not explicitly cited in each other in the appendedclaims may be presented in combination as an exemplary embodiment of thepresent invention or included as a new claim by a subsequent amendmentafter the application is filed.

The exemplary embodiments of the present invention are applicable tovarious wireless access systems. For example, the wireless accesssystems are a 3GPP system, a 3GPP2 system, and/or an IEEE 802.xx system.Besides the wireless access systems, the exemplary embodiments of thepresent invention are applicable to all technical fields in which thewireless access systems find their applications.

1. A method for performing an uncontrolled handover in a mobile station(MS), the method comprising: receiving, from a serving base station(SBS), a handover command message comprising one or more base stationidentifiers (BSIDs) of target base stations (TBSs) recommended by theSBS; transmitting, to the SBS, a handover indication message comprisingan event code indicating all TBSs are unreachable and a BSID of apreferred TBS, when all TBSs are unreachable and the MS has thepreferred TBS; performing a contention based CDMA ranging procedure withthe preferred TBS; transmitting, to the preferred TBS, a ranging requestmessage comprising a base station identifier of the SBS and a stationidentifier (STID) which the MS uses in the SBS; and receiving, from thepreferred TBS, a ranging response message comprising a STID to be usedin the preferred TBS.
 2. The method according to claim 1, wherein theranging response message is transmitted in response to the rangingrequest message.
 3. The method according to claim 1, wherein the rangingrequest message and the ranging response message are used for theuncontrolled handover.
 4. The method according to claim 1, wherein theuncontrolled handover is performed unless the MS determines a resourceretain timer of the SBS has expired.
 5. A mobile station (MS) forperforming an uncontrolled handover in a wireless access system, the MScomprising: a transmission module; a reception module; and a processorfor supporting the uncontrolled handover, wherein the MS is configuredto: receive, from a serving base station (SBS) via the reception module,a handover command message comprising one or more base stationidentifiers (BSIDs) of target base stations (TBSs) recommended by theSBS; transmit, to the SBS via the transmission module, a handoverindication message comprising an event code indicating all TBSs areunreachable and a BSID of a preferred TBS, when all TBSs are unreachableand the MS has the preferred TBS; perform a contention based CDMAranging procedure with the preferred TBS; transmit, to the preferred TBSvia the transmission module, a ranging request message comprising a basestation identifier of the SBS and a station identifier (STID) which theMS uses in the SBS; and receive, from the preferred TBS via thereception module, a ranging response message comprising a STID to beused in the preferred TBS.
 6. The mobile station according to claim 5,wherein the ranging response message is transmitted in response to theranging request message.
 7. The mobile station according to claim 5,wherein the ranging request message and the ranging response message areused for the uncontrolled handover.
 8. The mobile station according toclaim 5, wherein the uncontrolled handover is performed unless the MSdetermines a resource retain timer of the SBS has expired.
 9. A methodfor supporting an uncontrolled handover of a mobile station (MS), themethod comprising: transmitting, by a serving base station (SBS) to theMS, a handover command message comprising one or more base stationidentifiers (BSIDs) of target base stations (TBSs) recommended by theSBS; receiving, by the SBS from the MS, a handover indication messagecomprising an event code indicating all TBSs are unreachable and a BSIDof a preferred TBS, when all TBSs are unreachable and the MS has thepreferred TBS; performing, by the MS with the preferred TBS, acontention based CDMA ranging procedure; receiving, by the preferred TBSfrom the MS, a ranging request message comprising a base stationidentifier of the SBS and a station identifier (STID) which the MS usesin the SBS; and transmitting, by the preferred TBS to the MS, a rangingresponse message comprising a STID to be used in the preferred TBS. 10.The method according to claim 9, wherein the ranging response message istransmitted in response to the ranging request message.
 11. The methodaccording to claim 9, wherein the ranging request message and theranging response message are used for the uncontrolled handover.
 12. Themethod according to claim 9, wherein the uncontrolled handover isperformed unless the MS determines a resource retain timer of the SBShas expired.